
Posted

I already disabled Plug and Play once and my Windows ran. Not everything worked, admittedly, but it was running, I had internet, and that is how I was able to download HijackThis. But since I restarted it, it is stuck again.

 

I am going to try the restore and then, if that changes nothing, try to carry out your steps.

 

Thanks

Posted

Hello again

 

So, I cannot restore because I have no restore point apart from one dated today, so none from before the problems. Is there a way to restore anyway?

 

Thanks in advance.

Posted

Below is the log.txt from a scan in normal mode but with services.exe disabled: is it useful, or should I run a scan in normal mode with all services running?

 

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by install at 2010-01-21 21:10:50

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 26 GB (39%) free of 65 GB

Total RAM: 1023 MB (34% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:11:39, on 21/01/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Restore\rstrui.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\install\Bureau\RSIT.exe

E:\Aurélien\Mes fichiers reçus\HiJackThis\install.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Microsoft Office Outlook] C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE /recycle

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - D:\mrbookmakerfrMPP\MPPoker.exe (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://D:\The Tournament Director\comdlg32.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EasyModApache - Unknown owner - C:\Program Files\EasyBox\apache\apache.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/install/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7299 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\1-Click Maintenance.job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1132680612.job

C:\WINDOWS\tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job

C:\WINDOWS\tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job

C:\WINDOWS\tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-17 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-17 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-08-23 968696]

"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-17 8478720]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2007-04-27 312328]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"Microsoft Office Outlook"=C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE [2008-05-21 12844576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\83exmodulau.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\83exmodulau.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\85exmodulau.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\85exmodulau.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulax.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulax.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulax.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulax.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\99exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\99exmodulay.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\81exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\81exmodulay.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\75exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\75exmodulay.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\1exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\1exmodulay.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\78exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\78exmodulaz.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulaz.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\66exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\66exmodulaz.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\4exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\4exmodulaz.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulba.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\82exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\82exmodulba.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\32exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\32exmodulba.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\54exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\54exmodulba.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\29exmodulbb.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\29exmodulbb.exe:*:Enabled:Microsoft Update"

"C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulbb.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulbb.exe:*:Enabled:Microsoft Update"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\Konami\Pro Evolution Soccer 2008\PES2008.exe"="D:\Konami\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"

"C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9be0cb-4954-11de-b74e-001966628408}]

shell\AutoRun\command - K:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e00d81c8-e1bf-11d9-b140-0011d8ce8029}]

shell\AutoRun\command - F:\GTRLaunch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e33d87c2-4211-11de-b74d-001966628408}]

shell\AutoRun\command - I:\WDSetup.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-01-21 21:10:50 ----D---- C:\rsit

2010-01-18 23:36:25 ----A---- C:\WINDOWS\system32\lsdelete.exe

2010-01-18 22:23:52 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2010-01-18 21:44:24 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2010-01-18 21:43:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-01-18 21:28:24 ----D---- C:\Program Files\Fichiers communs\Borland Shared

2010-01-18 21:28:24 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL

2010-01-18 21:28:06 ----D---- C:\Program Files\ZebHelpProcess

2010-01-18 21:13:34 ----D---- C:\Program Files\ZHPFix

2010-01-18 20:57:05 ----D---- C:\WINDOWS\BDOSCAN8

2010-01-16 00:16:46 ----A---- C:\WINDOWS\ntbtlog.txt

2009-12-24 17:46:38 ----D---- C:\Program Files\Lock Folder XP

 

======List of files/folders modified in the last 1 months======

 

2010-01-21 21:10:16 ----D---- C:\WINDOWS\Internet Logs

2010-01-21 20:32:08 ----D---- C:\WINDOWS

2010-01-21 20:24:31 ----D---- C:\Program Files\Mozilla Firefox

2010-01-21 20:23:25 ----AD---- C:\Program Files\eMule Applejuice

2010-01-21 20:22:07 ----D---- C:\WINDOWS\Temp

2010-01-21 20:15:24 ----SD---- C:\WINDOWS\Tasks

2010-01-21 20:11:45 ----SHD---- C:\System Volume Information

2010-01-21 20:11:45 ----D---- C:\WINDOWS\system32\Restore

2010-01-21 20:11:33 ----D---- C:\WINDOWS\system32\ZoneLabs

2010-01-21 20:10:00 ----D---- C:\WINDOWS\system32

2010-01-21 20:10:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-01-21 20:07:04 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-21 20:07:02 ----SHD---- C:\WINDOWS\CSC

2010-01-20 08:43:54 ----D---- C:\WINDOWS\Prefetch

2010-01-19 23:11:29 ----SH---- C:\boot.ini

2010-01-19 23:11:29 ----A---- C:\WINDOWS\win.ini

2010-01-19 23:11:24 ----A---- C:\WINDOWS\system.ini

2010-01-19 19:17:42 ----D---- C:\WINDOWS\Minidump

2010-01-18 22:33:12 ----D---- C:\Program Files\TuneUp Utilities 2007

2010-01-18 22:16:13 ----D---- C:\Program Files\Lavasoft

2010-01-18 22:16:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-01-18 22:06:04 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-18 21:51:26 ----D---- C:\WINDOWS\system32\drivers

2010-01-18 21:51:17 ----HD---- C:\WINDOWS\inf

2010-01-18 21:50:53 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-01-18 21:44:24 ----SHD---- C:\WINDOWS\Installer

2010-01-18 21:43:44 ----D---- C:\WINDOWS\WinSxS

2010-01-18 21:28:24 ----D---- C:\Program Files\Fichiers communs

2010-01-18 21:28:06 ----RD---- C:\Program Files

2010-01-18 20:57:08 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-18 20:43:49 ----D---- C:\WINDOWS\pss

2010-01-16 15:26:32 ----D---- C:\Program Files\Microsoft IntelliPoint

2010-01-16 15:26:31 ----D---- C:\Program Files\Microsoft IntelliType Pro

2010-01-16 10:49:16 ----D---- C:\Documents and Settings

2010-01-09 12:25:52 ----D---- C:\Program Files\Windows Live Safety Center

2010-01-04 21:09:06 ----A---- C:\WINDOWS\NeroDigital.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-10-05 82380]

R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-11-25 54368]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-08-23 392824]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-09-04 271360]

R2 AvgTdi;AVG Network redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2005-09-24 4704]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-09-04 18048]

R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-07-25 137344]

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-09-28 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-09-28 55936]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]

R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-07-25 12032]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-17 6845152]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]

R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []

S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-01 3072]

S3 slabbus;INFORAD USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []

S3 slabser;INFORAD USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys []

S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

S3 TMBUS;Thrustmapper Device Enumerator; C:\WINDOWS\system32\drivers\TMBUS.sys []

S3 TMMEmu;Thrustmapper virtual Mouse device driver; C:\WINDOWS\system32\drivers\TMMEmu.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-18 1181328]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-17 155715]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

S2 EasyModApache;EasyModApache; C:\Program Files\EasyBox\apache\apache.exe -k runservice []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

S4 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-08-23 75768]

 

-----------------EOF-----------------

 

 

Below is the info.txt from my scan

 

 

 

 

info.txt logfile of random's system information tool 1.06 2010-01-21 21:12:23

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

3114 SATARAID5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Correctif Windows XP - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"

Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe

FreeUndelete-->C:\Program Files\FreeUndelete\GLFCA.exe /handle:fru

GetDataBack for FAT and GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}\setup.exe" -l0x9 -removeonly

Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}

GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"E:\Aurélien\Mes fichiers reçus\HiJackThis\HijackThis.exe" /uninstall

HomePlayer 1.5.7-->C:\Program Files\HomePlayer\uninst.exe

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series

ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iPhone Tunnel Suite 2.7 BETA-->"C:\Program Files\iPhone Tunnel Suite 2.7 BETA\unins000.exe"

iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}

Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}

Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}

Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}

NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Photo et imagerie HP 1.0 - PSC 2000 Series Pilote-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}

Photo et imagerie HP 1.0 - PSC 2000 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\fra\hposcr01.exe -forcereboot -datfile hposcr01.dat

Photo et imagerie HP 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}

PokerStars-->"D:\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"

PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Readiris 7.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\Setup.exe" -l0x40c

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q

SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe

SolidWorks 2008 API SDK-->MsiExec.exe /X{F02651E6-BFB4-4CF2-ADE0-DA44D90B573F}

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

TCPMP-->C:\Program Files\Microsoft ActiveSync\TCPMP\Uninstall.exe TCPMP

TomTom HOME 2.7.2.1825-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}

Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinFast® Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly

WinSCP 4.1.9-->"C:\Program Files\WinSCP\unins000.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

yEnc32 (remove only)-->"C:\Program Files\eSite Media\yEnc32\uninstall.exe"

ZebHelpProcess 2.34-->"C:\Program Files\ZebHelpProcess\unins000.exe"

ZHPFix 1.12-->"C:\Program Files\ZHPFix\unins000.exe"

ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

======Security center information======

 

AV: Système anti-virus AVG 7.0.323

AV: avast! antivirus 4.8.1368 [VPS 100117-1]

FW: ZoneAlarm Pro Firewall

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=1f00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"tvdumpflags"=8

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

OK, well done. You will need to do the same thing to run the next program (which closes as many things as possible).

Careful: this program must be handled with extreme caution and must not be interrupted, even if it seems to take forever.

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside of that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise combofix will show you a message (otherwise, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the disclaimer-of-warranty message that appears.
  • If you are asked to reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console: click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

You can see these steps in the official guide (the only authorized one):

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Thanks for your reply.

Just for information, so that things are clear, the logs above were generated with the services.exe that is causing my problems "Stopped".

Can I restart my PC, still with services.exe disabled, to carry out your latest task, combofix?

Thanks in advance.

Posted

Good evening,

Below is the combofix log.


ComboFix 10-01-25.01 - install 25/01/2010 21:03:27.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.595 [GMT 1:00]

Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\install\Application Data\Dossier de téléchargement Share-to-Web

c:\program files\BulletProofSoft.com

c:\recycler\NPROTECT

C:\Thumbs.db

c:\windows\EventSystem.log

c:\windows\system32\m3.dll

c:\windows\system32\testdll.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_WINDOWS_LOG

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-25 au 2010-01-25 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner

2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit

2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll

2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau

2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2010-01-18 20:43 . 2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-01-18 20:28 . 2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared

2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-01-18 20:28 . 2010-01-22 17:59 -------- d-----w- c:\program files\ZebHelpProcess

2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix

2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 20:15 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat

2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp

2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip

2010-01-21 19:23 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice

2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-21 02:30 . 2010-01-18 20:50 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-01-21 02:25 . 2010-01-18 20:50 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-01-21 02:22 . 2010-01-18 20:50 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp

2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007

2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft

2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft

2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-16 14:26 . 2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip

2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp

2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp

2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp

2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp

2010-01-16 09:43 . 2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp

2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp

2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp

2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-28 22:08 . 2006-11-10 16:11 33524888 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP

2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe

2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java

2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iTunes

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod

2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour

2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime

2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-24 23:54 . 2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp

2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 13b8

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-03 22:54 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook]

2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PlugPlay"=2 (0x2)

"Eventlog"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"nwiz"=nwiz.exe /install

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"SkyTel"=SkyTel.EXE

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler

"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=

"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 EasyModApache;EasyModApache;c:\program files\EasyBox\apache\apache.exe [x]

S0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys [2004-04-30 160640]

S0 a347scsi;a347scsi;c:\windows\System32\Drivers\a347scsi.sys [2004-04-30 5248]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]

S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-18 1181328]

S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2005-07-25 137344]

S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2005-07-25 12032]

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-15 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]

 

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22]

 

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22]

 

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22]

 

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22]

 

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22]

 

2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

 

2010-01-15 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-01-25 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-01-25 c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe

Trusted Zone: registration.sonystyle-europe.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-25 21:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C3C640]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3

\Driver\ACPI -> ACPI.sys @ 0xf7415cb8

\Driver\atapi -> 0x86c3c640

IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\System\MountedDevice1]

@Denied: (Read) (Administrators)


"\\??\\Volume{3da1a604-ef17-11dc-b431-b4f6fd511600}"=hex:5c,00,3f,00,3f,00,5c,

00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\

"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,

47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\

"\\??\\Volume{2842bddb-faa6-11dc-b43b-001966628408}"=hex:5c,00,3f,00,3f,00,5c,

00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\

"\\??\\Volume{af96e0b3-5da2-11dd-b45d-001966628408}"=hex:5c,00,3f,00,3f,00,5c,

00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\

"\\??\\Volume{86861054-5f91-11dd-b45e-001966628408}"=hex:5c,00,3f,00,3f,00,5c,

00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\

"\\??\\Volume{e70a2c74-8363-11dd-b461-001966628408}"=hex:5c,00,3f,00,3f,00,5c,

00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\

"\\??\\Volume{e70a2ca9-8363-11dd-b461-001966628408}"=hex:5c,00,3f,00,3f,00,5c,

00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(3972)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft IntelliType Pro\dw15.exe

c:\program files\Microsoft IntelliPoint\dw15.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-01-25 21:40:34 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-25 20:39

 

Avant-CF: 27 204 055 040 octets libres

Après-CF: 27 178 467 328 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /TUTag=CJZ84W /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=CJZ84W-BAK

 

- - End Of File - - 7D4B8A40461A892B934210A3F4061BCB

Posted

What follows is for this machine, and this machine only.

Do not under any circumstances use it on another machine: dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/eb76d3

  • Place it on the desktop, next to the combofix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it can be found here > C:\ComboFix.txt

Posted

Below is my log.txt following the procedure above.

Thanks for the analysis.


ComboFix 10-01-27.06 - install 28/01/2010 22:05:20.2.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.626 [GMT 1:00]

Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\install\Bureau\CFscript.txt

AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-28 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner

2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit

2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll

2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau

2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2010-01-18 20:43 . 2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-01-18 20:28 . 2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared

2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-01-18 20:28 . 2010-01-26 18:05 -------- d-----w- c:\program files\ZebHelpProcess

2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix

2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-28 21:14 . 2006-11-10 16:11 34653528 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2010-01-28 21:00 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat

2010-01-28 02:50 . 2010-01-18 20:50 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp

2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip

2010-01-21 19:23 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice

2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp

2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007

2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft

2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft

2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-16 14:26 . 2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip

2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp

2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp

2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp

2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp

2010-01-16 09:43 . 2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp

2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp

2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp

2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP

2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe

2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java

2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iTunes

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod

2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour

2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime

2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-24 23:54 . 2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp

2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log

.

 

------- Sigcheck -------

 

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys

[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-01-25_20.14.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-28 21:14 . 2010-01-28 21:14 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat

+ 2006-09-01 13:34 . 2010-01-27 10:01 15159861 c:\windows\system32\ZoneLabs\spyware.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"Splash screen for Avast!"="c:\program files\Alwil Software\Avast4\ashAvast.exe" [2009-11-24 274640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 13b8

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-03 22:54 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook]

2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PlugPlay"=2 (0x2)

"Eventlog"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"nwiz"=nwiz.exe /install

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"SkyTel"=SkyTel.EXE

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler

"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=

"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [09/01/2006 14:29 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [09/01/2006 14:29 5248]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/01/2010 21:50 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 07:22 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 07:22 20560]

R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [25/07/2005 16:42 137344]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-15 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]

 

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

 

2010-01-15 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-01-28 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-01-28 c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe

Trusted Zone: registration.sonystyle-europe.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-28 22:14

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C33228]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3

\Driver\ACPI -> ACPI.sys @ 0xf7415cb8

\Driver\atapi -> 0x86c33228

IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\System\MountedDevice1]

@Denied: (Read) (Administrators)


.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(1988)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Alwil Software\Avast4\ashSimpl.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-01-28 22:30:21 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-28 21:29

ComboFix2.txt 2010-01-25 20:40

 

Avant-CF: 21 517 377 536 octets libres

Après-CF: 21 492 449 280 octets libres

 

- - End Of File - - 9D2E212E23F96D196B57A34E494EEB39
